[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Gnash-commit] /srv/bzr/gnash/trunk r11163: improve SSL support, add SSL
From: |
rob |
Subject: |
[Gnash-commit] /srv/bzr/gnash/trunk r11163: improve SSL support, add SSL testcase. |
Date: |
Tue, 23 Jun 2009 15:37:39 -0600 |
User-agent: |
Bazaar (1.13.1) |
------------------------------------------------------------
revno: 11163
committer: address@hidden
branch nick: trunk
timestamp: Tue 2009-06-23 15:37:39 -0600
message:
improve SSL support, add SSL testcase.
added:
testsuite/network.all/client.pem
testsuite/network.all/root.pem
testsuite/network.all/test_ssl.cpp
modified:
libnet/sslclient.cpp
libnet/sslclient.h
testsuite/network.all/Makefile.am
------------------------------------------------------------
revno: 11098.1.1
committer: address@hidden
branch nick: ssl
timestamp: Sun 2009-06-14 14:02:46 -0600
message:
add command line options we'll need.
added:
testsuite/network.all/test_ssl.cpp
------------------------------------------------------------
revno: 11098.1.2
committer: address@hidden
branch nick: ssl
timestamp: Sun 2009-06-14 21:21:03 -0600
message:
add more private data and accessors tp support SSL.
modified:
libnet/sslclient.cpp
libnet/sslclient.h
------------------------------------------------------------
revno: 11098.1.3
committer: address@hidden
branch nick: ssl
timestamp: Sun 2009-06-14 21:21:27 -0600
message:
add test case for SSL.
modified:
testsuite/network.all/Makefile.am
------------------------------------------------------------
revno: 11098.1.4
committer: address@hidden
branch nick: ssl
timestamp: Sun 2009-06-14 21:21:50 -0600
message:
add some actual tests.
modified:
testsuite/network.all/test_ssl.cpp
------------------------------------------------------------
revno: 11098.1.5
committer: address@hidden
branch nick: ssl
timestamp: Sun 2009-06-14 21:22:47 -0600
message:
add test pem files so we can test certificates.
added:
testsuite/network.all/client.pem
testsuite/network.all/root.pem
------------------------------------------------------------
revno: 11098.1.6
committer: address@hidden
branch nick: ssl
timestamp: Sun 2009-06-14 22:33:22 -0600
message:
fix value for SSL port.
modified:
libnet/network.h
------------------------------------------------------------
revno: 11098.1.7
committer: address@hidden
branch nick: ssl
timestamp: Sun 2009-06-14 22:33:59 -0600
message:
more improvements, almost works now
modified:
libnet/sslclient.cpp
libnet/sslclient.h
------------------------------------------------------------
revno: 11098.1.8
committer: address@hidden
branch nick: ssl
timestamp: Sun 2009-06-14 22:34:28 -0600
message:
Tests most of the connection process, with error handling.
modified:
testsuite/network.all/test_ssl.cpp
------------------------------------------------------------
revno: 11098.1.9
committer: address@hidden
branch nick: ssl
timestamp: Sun 2009-06-14 23:54:17 -0600
message:
add read test.
modified:
testsuite/network.all/test_ssl.cpp
------------------------------------------------------------
revno: 11098.1.10
committer: address@hidden
branch nick: ssl
timestamp: Sun 2009-06-14 23:55:04 -0600
message:
add better error handling. Set the bio for the SSL connection correctly.
modified:
libnet/sslclient.cpp
libnet/sslclient.h
------------------------------------------------------------
revno: 11098.1.11
committer: address@hidden
branch nick: ssl
timestamp: Mon 2009-06-15 14:00:28 -0600
message:
More constants to source file. Don't derive from Network class, Network
class needs to use SSLCLient internally now.
modified:
libnet/sslclient.cpp
libnet/sslclient.h
------------------------------------------------------------
revno: 11098.1.12
committer: address@hidden
branch nick: ssl
timestamp: Mon 2009-06-15 14:02:04 -0600
message:
use a separate class for the network.
modified:
testsuite/network.all/test_ssl.cpp
------------------------------------------------------------
revno: 11098.1.13
committer: address@hidden
branch nick: ssl
timestamp: Mon 2009-06-15 15:13:37 -0600
message:
include sys/types.h.
modified:
plugin/mozilla-sdk/include/npupp.h
plugin/mozilla-sdk/npplat.h
------------------------------------------------------------
revno: 11098.1.14
committer: address@hidden
branch nick: ssl
timestamp: Mon 2009-06-15 15:14:18 -0600
message:
add SSL connection to private data.
modified:
libnet/network.h
------------------------------------------------------------
revno: 11098.1.15
committer: address@hidden
branch nick: ssl
timestamp: Tue 2009-06-16 18:54:07 -0600
message:
start adding SSL support to the Network class.
modified:
libnet/network.cpp
libnet/network.h
testsuite/network.all/test_ssl.cpp
------------------------------------------------------------
revno: 11098.1.16
committer: address@hidden
branch nick: ssl
timestamp: Wed 2009-06-17 13:52:26 -0600
message:
initialize an SSL connection, and if SSL is initialized, use it's reading
and writing functions for encypted I/O.
modified:
libnet/network.cpp
------------------------------------------------------------
revno: 11098.1.17
committer: address@hidden
branch nick: ssl
timestamp: Wed 2009-06-17 13:52:47 -0600
message:
add const when writing arrays.
modified:
libnet/sslclient.cpp
libnet/sslclient.h
=== modified file 'libnet/sslclient.cpp'
--- a/libnet/sslclient.cpp 2009-06-11 02:45:38 +0000
+++ b/libnet/sslclient.cpp 2009-06-17 19:52:47 +0000
@@ -1,6 +1,6 @@
// ssl.cpp: HyperText Transport Protocol handler for Cygnal, for Gnash.
//
-// Copyright (C) 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+// Copyright (C) 2009 Free Software Foundation, Inc.
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
@@ -26,10 +26,12 @@
#include <boost/shared_array.hpp>
#include <boost/scoped_array.hpp>
#include <boost/cstdint.hpp>
+#include <boost/array.hpp>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <string>
+#include <vector>
#include <iostream>
#include <cstring>
#include <sstream>
@@ -51,11 +53,7 @@
#ifdef HAVE_OPENSSL_SSL_H
#include <openssl/ssl.h>
-#endif
-
-// Not POSIX, so best not rely on it if possible.
-#ifndef PATH_MAX
-# define PATH_MAX 1024
+#include <openssl/err.h>
#endif
#if defined(_WIN32) || defined(WIN32)
@@ -75,122 +73,240 @@
// This is static in this file, instead of being a private variable in
// the SSLCLient class, is so it's accessible from the C function callback,
// which can't access the private data of the class.
-static std::string password;
+// static SSLClient::passwd_t password(SSL_PASSWD_SIZE);
+static string password;
namespace gnash
{
+const char *ROOTPATH = "/etc/pki/tls";
+const char *HOST = "localhost";
+const char *CA_LIST = "root.pem";
+const char *RANDOM = "random.pem";
+const char *KEYFILE = "client.pem";
+const size_t SSL_PASSWD_SIZE = 1024;
+
SSLClient::SSLClient()
- : _need_server_auth(true)
+ : _hostname("localhost"),
+ _calist(CA_LIST),
+ _keyfile(KEYFILE),
+ _rootpath(ROOTPATH),
+ _need_server_auth(true)
{
GNASH_REPORT_FUNCTION;
+
+// setPort(SSL_PORT);
+ setPassword("password");
}
SSLClient::~SSLClient()
{
- GNASH_REPORT_FUNCTION;
+// GNASH_REPORT_FUNCTION;
}
// Read bytes from the already opened SSL connection
-size_t
-SSLClient::sslRead(SSL &ssl, amf::Buffer &buf, size_t length)
-{
- GNASH_REPORT_FUNCTION;
+int
+SSLClient::sslRead(amf::Buffer &buf)
+{
+ GNASH_REPORT_FUNCTION;
+
+ return sslRead(buf.reference(), buf.allocated());
+}
+
+int
+SSLClient::sslRead(boost::uint8_t *buf, size_t size)
+{
+ GNASH_REPORT_FUNCTION;
+
+ ERR_clear_error();
+ int ret = SSL_read(_ssl.get(), buf, size);
+ if (ret < 0) {
+ log_error("Error was: \"%s\"!",
ERR_reason_error_string(ERR_get_error()));
+ }
+
+ return ret;
}
// Write bytes to the already opened SSL connection
-size_t
-SSLClient::sslWrite(SSL &ssl, amf::Buffer &buf, size_t length)
-{
- GNASH_REPORT_FUNCTION;
+int
+SSLClient::sslWrite(amf::Buffer &buf)
+{
+ GNASH_REPORT_FUNCTION;
+
+ return sslWrite(buf.reference(), buf.allocated());
+}
+
+int
+SSLClient::sslWrite(const boost::uint8_t *buf, size_t length)
+{
+ GNASH_REPORT_FUNCTION;
+
+ ERR_clear_error();
+ int ret = SSL_write(_ssl.get(), buf, length);
+ if (ret < 0) {
+ log_error("Error was: \"%s\"!",
ERR_reason_error_string(ERR_get_error()));
+ }
+ return ret;
}
// Setup the Context for this connection
-size_t
-SSLClient::sslSetupCTX(SSL &ssl)
+bool
+SSLClient::sslSetupCTX()
+{
+ return sslSetupCTX(_keyfile, _calist);
+}
+
+bool
+SSLClient::sslSetupCTX(std::string &keyspec, std::string &caspec)
{
GNASH_REPORT_FUNCTION;
SSL_METHOD *meth;
+ int ret;
+ string keyfile;
+ string cafile;
+
+ if (keyspec.find('/', 0) != string::npos) {
+ keyfile = keyspec;
+ } else {
+ keyfile = _rootpath;
+ keyfile += "/";
+ keyfile += keyspec;
+ }
+
+
+ if (caspec.find('/', 0) != string::npos) {
+ cafile = caspec;
+ } else {
+ cafile = _rootpath;
+ cafile += "/";
+ cafile += caspec;
+ }
+
+ // Initialize SSL library
SSL_library_init();
+
+ // Load the error strings so the SSL_error_*() functions work
SSL_load_error_strings();
- if (!_bio_error) {
- _bio_error.reset(BIO_new_fp(stderr, BIO_NOCLOSE));
- }
-
// create the context
- meth=SSLv23_method();
+ meth = SSLv23_method();
_ctx.reset(SSL_CTX_new(meth));
-
// Load our keys and certificates
- if(!(SSL_CTX_use_certificate_chain_file(_ctx.get(), _keyfile.c_str()))) {
- log_error("Can't read certificate file %s!", _keyfile);
+ if ((ret = SSL_CTX_use_certificate_chain_file(_ctx.get(),
keyfile.c_str())) != 1) {
+ log_error("Can't read certificate file \"%s\"!", keyfile);
+ return false;
+ } else {
+ log_debug("Read certificate file \"%s\".", keyfile);
}
+ // Set the passwor dcallback
SSL_CTX_set_default_passwd_cb(_ctx.get(), password_cb);
- if(!(SSL_CTX_use_PrivateKey_file(_ctx.get(), _keyfile.c_str(),
- SSL_FILETYPE_PEM))) {
- log_error("Can't read key file %s!", _keyfile);
+
+ // Add the first private key in the keyfile to the context.
+ ERR_clear_error();
+ if((ret = SSL_CTX_use_PrivateKey_file(_ctx.get(), keyfile.c_str(),
+ SSL_FILETYPE_PEM)) != 1) {
+ log_error("Can't read key file \"%s\"!", keyfile);
+ log_error("Error was: \"%s\"!",
ERR_reason_error_string(ERR_get_error()));
+ return false;
+ } else {
+ log_error("Read key file \"%s\".", keyfile);
}
// Load the CAs we trust
- if(!(SSL_CTX_load_verify_locations(_ctx.get(), CA_LIST, 0))) {
- log_error("Can't read CA list!");
+ ERR_clear_error();
+ if (!(SSL_CTX_load_verify_locations(_ctx.get(), cafile.c_str(), 0))) {
+ log_error("Can't read CA list from \"%s\"!", cafile);
+ log_error("Error was: \"%s\"!",
ERR_reason_error_string(ERR_get_error()));
+ return false;
+ } else {
+ log_debug("Read CA list from \"%s\"", cafile);
}
#if (OPENSSL_VERSION_NUMBER < 0x00905100L)
SSL_CTX_set_verify_depth(_ctx.get() ,1);
#endif
+ return true;
}
// Shutdown the Context for this connection
-size_t
-SSLClient::sslShutdown(SSL &ssl)
+bool
+SSLClient::sslShutdown()
{
GNASH_REPORT_FUNCTION;
SSL_CTX_free(_ctx.get());
- closeNet();
+// return closeNet();
+ return true;
}
// sslConnect() is how the client connects to the server
-size_t
-SSLClient::sslConnect(std::string &hostname)
+bool
+SSLClient::sslConnect(int fd)
+{
+ return sslConnect(fd, _hostname);
+}
+
+bool
+SSLClient::sslConnect(int fd, std::string &hostname)
{
GNASH_REPORT_FUNCTION;
+ int ret;
if (!_ctx) {
- sslSetupCTX(*_ssl);
+ if (!sslSetupCTX()) {
+ return false;
+ }
}
_ssl.reset(SSL_new(_ctx.get()));
- if (createClient(hostname, SSL_PORT) == false) {
- log_error("Can't connect to RTMP server %s", hostname);
- return(-1);
- }
-
- _bio.reset(BIO_new_socket(getFileFd(), BIO_NOCLOSE));
- if (SSL_connect(_ssl.get()) <= 0) {
+// // Make a tcp/ip connect to the server
+// if (createClient(hostname, getPort()) == false) {
+// log_error("Can't connect to server %s", hostname);
+// return false;
+// }
+
+ // Handshake the server
+ ERR_clear_error();
+ _bio.reset(BIO_new_socket(fd, BIO_NOCLOSE));
+ SSL_set_bio(_ssl.get(), _bio.get(), _bio.get());
+
+ if ((ret = SSL_connect(_ssl.get())) < 0) {
log_error("Can't connect to SSL server %s", hostname);
- return(-1);
+ log_error("Error was: \"%s\"!",
ERR_reason_error_string(ERR_get_error()));
+ return false;
+ } else {
+ log_debug("Connected to SSL server %s", hostname);
}
+ ERR_clear_error();
+#if 0
if (_need_server_auth) {
- checkCert(hostname);
+ checkCert(hostname);
}
+#endif
+
+ return true;
+}
+
+// sslAccept() is how the server waits for connections for clients
+size_t
+SSLClient::sslAccept()
+{
+ GNASH_REPORT_FUNCTION;
return 0;
}
-// sslAccept() is how the server waits for connections for clients
-size_t
-SSLClient::sslAccept(SSL &ssl)
+bool
+SSLClient::checkCert()
{
GNASH_REPORT_FUNCTION;
+ return checkCert(_hostname);
}
bool
@@ -198,15 +314,18 @@
{
GNASH_REPORT_FUNCTION;
- if (!_ssl) {
+ if (!_ssl || (hostname.empty())) {
return false;
}
X509 *peer;
char peer_CN[256];
- if (SSL_get_verify_result(_ssl.get()) !=X509_V_OK) {
+ if (SSL_get_verify_result(_ssl.get()) != X509_V_OK) {
log_error("Certificate doesn't verify");
+ return false;
+ } else {
+ log_debug("Certificate verified.");
}
// Check the cert chain. The chain length
@@ -214,7 +333,14 @@
// we set the verify depth in the ctx
// Check the common name
- peer = SSL_get_peer_certificate(_ssl.get());
+ if ((peer = SSL_get_peer_certificate(_ssl.get())) == 0) {
+ log_debug("Couldn't get Peer certificate!");
+ return false;
+ } else {
+ log_debug("Got Peer certificate.");
+ }
+
+ ERR_clear_error();
X509_NAME_get_text_by_NID (X509_get_subject_name(peer),
NID_commonName, peer_CN, 256);
@@ -234,22 +360,40 @@
log_debug (_("==== The SSL header breaks down as follows: ===="));
}
+// The password is a global variable so it can be set from a C function
+// callback.
+void
+SSLClient::setPassword(std::string pw) {
+ password = pw;
+}
+
+std::string &
+SSLClient::getPassword() {
+ return password;
+}
+
extern "C" {
+
// This is the callback required when setting up the password.
int
-password_cb(char *buf, int size, int rwflag,
- void *userdata)
+password_cb(char *buf, int size, int rwflag, void * /* userdata */)
{
- GNASH_REPORT_FUNCTION;
+// GNASH_REPORT_FUNCTION;
+ log_debug("Callback executed to set the SSL password, size is: %d",
+ password.size());
- if(size < password.size()) {
+ if(size <= static_cast<int>(password.size()+1)) {
log_error("The buffer for the password needs to be %d bytes larger",
password.size() - size);
return(0);
}
- std::copy(password.c_str(), password.c_str(), buf);
+ // copy the password, we'll need it later
+// std::copy(buf, buf + size, password.data());
+ std::copy(password.begin(), password.end(), buf);
+
return(password.size());
+
}
} // end of extern C
=== modified file 'libnet/sslclient.h'
--- a/libnet/sslclient.h 2009-06-11 02:45:38 +0000
+++ b/libnet/sslclient.h 2009-06-17 19:52:47 +0000
@@ -1,5 +1,5 @@
//
-// Copyright (C) 2007, 2008, 2009 Free Software Foundation, Inc.
+// Copyright (C) 2009 Free Software Foundation, Inc.
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
@@ -24,6 +24,7 @@
#endif
#include <string>
+#include <boost/array.hpp>
#include <map>
#include <vector>
#include <boost/shared_ptr.hpp>
@@ -44,46 +45,84 @@
namespace gnash
{
-const char *CA_LIST = "root.pem";
-const char *HOST = "localhost";
-const char *RANDOM = "random.pem";
+extern const char *ROOTPATH;
+extern const char *HOST;
+extern const char *CA_LIST;
+extern const char *RANDOM;
+extern const char *KEYFILE;
+extern const size_t SSL_PASSWD_SIZE;
-class DSOEXPORT SSLClient : public gnash::Network
+class DSOEXPORT SSLClient
{
public:
SSLClient();
~SSLClient();
// Read bytes from the already opened SSL connection
- size_t sslRead(SSL &ssl, amf::Buffer &buf, size_t length);
+ int sslRead(amf::Buffer &buf);
+ int sslRead(boost::uint8_t *buf, size_t length);
+ int sslRead(std::string &buf);
// Write bytes to the already opened SSL connection
- size_t sslWrite(SSL &ssl, amf::Buffer &buf, size_t length);
+ int sslWrite(amf::Buffer &buf);
+ int sslWrite(const boost::uint8_t *buf, size_t length);
+ int sslWrite(std::string &buf);
// Setup the Context for this connection
- size_t sslSetupCTX(SSL &ssl);
-
+ bool sslSetupCTX();
+ bool sslSetupCTX(std::string &keyfile, std::string &cafile);
+
// Shutdown the Context for this connection
- size_t sslShutdown(SSL &ssl);
+ bool sslShutdown();
// sslConnect() is how the client connects to the server
- size_t sslConnect(std::string &hostname);
+ bool sslConnect(int fd);
+ bool sslConnect(int fd, std::string &hostname);
// sslAccept() is how the server waits for connections for clients
- size_t sslAccept(SSL &ssl);
+ size_t sslAccept();
+
+ void setKeyfile(std::string filespec) { _keyfile = filespec; };
+ std::string &getKeyfile() { return _keyfile; };
+
+ void setCAlist(std::string filespec) { _calist = filespec; };
+ std::string &getCAlist() { return _calist; };
+
+ void setPassword(std::string pw);
+ std::string &getPassword();
+
+ void setCert(std::string filespec) { _cert = filespec; };
+ std::string &getCert() { return _cert; };
+
+ void setRootPath(std::string filespec) { _rootpath = filespec; };
+ std::string &getRootPath() { return _rootpath; };
+
+ void setPem(std::string filespec) { _pem = filespec; };
+ std::string &getPem() { return _pem; };
+
+ void setHostname(std::string name) { _hostname = name; };
+ std::string &getHostname() { return _hostname; };
+
+ void setServerAuth(bool flag) { _need_server_auth = flag; };
+ bool getServerAuth() { return _need_server_auth; };
+
+ // Check a certificate
+ bool checkCert();
+ bool checkCert(std::string &hostname);
void dump();
-
private:
- // Check a certificate
- bool checkCert(std::string &hostname);
-
boost::scoped_ptr<SSL> _ssl;
boost::scoped_ptr<SSL_CTX> _ctx;
boost::scoped_ptr<BIO> _bio;
boost::scoped_ptr<BIO> _bio_error;
- std::string _keyfile;
- bool _need_server_auth;
+ std::string _hostname;
+ std::string _calist;
+ std::string _keyfile;
+ std::string _cert;
+ std::string _pem;
+ std::string _rootpath;
+ bool _need_server_auth;
};
extern "C" {
=== modified file 'testsuite/network.all/Makefile.am'
--- a/testsuite/network.all/Makefile.am 2009-04-01 02:49:29 +0000
+++ b/testsuite/network.all/Makefile.am 2009-06-15 03:21:27 +0000
@@ -42,6 +42,8 @@
-I$(top_srcdir)/libcore/parser \
-I$(top_srcdir)/libcore/vm \
-I$(top_srcdir)/libcore/asobj \
+ -I$(top_srcdir)/libamf \
+ -I$(top_srcdir)/libnet \
-I$(top_srcdir)/testsuite \
-I$(top_srcdir)/testsuite/misc-ming.all \
$(MING_CFLAGS) \
@@ -50,15 +52,19 @@
-DMING_VERSION_CODE=$(MING_VERSION_CODE) \
$(NULL)
-AM_LDFLAGS = \
- $(MING_LIBS) \
+AM_LDFLAGS =
+ $(top_builddir)/libbase/libgnashbase.la \
+ $(top_builddir)/libamf/libgnashamf.la \
+ $(top_builddir)/libnet/libgnashnet.la \
$(OPENGL_LIBS) \
- $(GIF_LIBS) \
+ $(BOOST_LIBS) \
+ $(PTHREAD_LIBS)
$(NULL)
check_PROGRAMS = \
Dejagnu \
Dejagnu.swf \
+ test_ssl \
$(NULL)
check_SCRIPTS = \
@@ -104,6 +110,14 @@
Dejagnu.swf: Dejagnu
./Dejagnu $(top_srcdir)/testsuite/media
+test_ssl_SOURCES = test_ssl.cpp
+test_ssl_LDADD = \
+ $(top_builddir)/libbase/libgnashbase.la \
+ $(top_builddir)/libamf/libgnashamf.la \
+ $(top_builddir)/libnet/libgnashnet.la
+
+test_ssl_DEPENDENCIES = site-update
+
clean-local:
-rm *.swf media *.pp *unner
=== added file 'testsuite/network.all/client.pem'
--- a/testsuite/network.all/client.pem 1970-01-01 00:00:00 +0000
+++ b/testsuite/network.all/client.pem 2009-06-15 03:22:47 +0000
@@ -0,0 +1,32 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,6D3B09E4CA5421FF
+
+SaDJA2MhJ12ZmDxfGkSLhQgjYPEQYqVfs5b4DZTz+9pJqzuNxHrZZU43oArbWBdB
+3DKc1THejbyHF2lY7xgPLk/5iax5r+CXesDKZroSliHyERBIOCUgDN6ecwvVGtYv
+C8IhlwGPEXyxr59lyV37RjkSUVXYBqiRbLlNIcQtp5T6GkFe+yftOnv6/UADCLTS
+Pu8xwkda1rf7dgPwYIKuk2SOTTe1VMDtWacRUGu8NteTJ4aiVaeeo9wdsKId5U2b
+Z7NTJjOjvdXOLRonfkGvDXmrmN4eICks0bV0ZBtkULAfGjKNGs6riY+XNGKNRmjI
+idRRB0za+EGorpiJ/vbe7n7uaFXIJlfqCwhTi4Up3mS8sR4tLHfmdjp85GV9P9B3
+xX3CHIeG5/EYDt0Qn1gRL5ODL/0O7nFGJslhcQUS6bMmcg9nSzhClTE2gREz0j9g
+pwzvRpEkIl3Tw4niZLIX8fW2cEIyKTBMCCG2MDwHHgXRL3SUXkOGeitFefkcXN/z
+/UWRS8XQcX7/lGWCiuEpgn+esoirjf8lFNVsx6OT0UXj3oBxGrz1iB/vpu/PMBVQ
+JsbEPSh/ElHSDUItw2ytjJmkolRtM01b7cFj16ZxbHjinXWTIGZFWUYIlaeA2zHK
+D/NRMFJwjrQYhjRgPqltvbw7M01Co7SNFBwSotARr36FBjsxbOH3F1jY6w+kXvJU
+X5m83C9UONM2K7kkKYXbE2yW+kzJF2LFX0Uu4yDluxNG767/WwqiQSI63aIzNAPp
+rSsaIMBSbVZia8q49gcvGyuvqBZpwm/PcZwr/PHJjvGs8hdU1ACmyQ==
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIICFTCCAX4CAgECMA0GCSqGSIb3DQEBBAUAMFcxCzAJBgNVBAYTAlVTMRMwEQYD
+VQQKEwpSVEZNLCBJbmMuMRkwFwYDVQQLExBXaWRnZXRzIERpdmlzaW9uMRgwFgYD
+VQQDEw9UZXN0IENBMjAwMTA1MTcwHhcNMDEwNTE3MTYxMTM2WhcNMDQwMzA2MTYx
+MTM2WjBOMQswCQYDVQQGEwJVUzETMBEGA1UEChMKUlRGTSwgSW5jLjEZMBcGA1UE
+CxMQV2lkZ2V0cyBEaXZpc2lvbjEPMA0GA1UEAxMGY2xpZW50MIGfMA0GCSqGSIb3
+DQEBAQUAA4GNADCBiQKBgQCHNWSoNh6msUwYGGd7TYQDsdSG0ao6QXaYjk+78ZyM
+QeZUBu2dZFjG4wnzkKwrD4rp/J5PLR9AdxR72lb9AavEOKL2UDHJGsscZkGVw/bz
+ZbxrKF2rvdpZSvKP1OhV1MOds/WTpRm1gcmVSoV5vLOMqVjzjHoxQ/+1zpjzMxWL
+0wIDAQABMA0GCSqGSIb3DQEBBAUAA4GBACTJhRR5tv8A7dc5+zmKR1Q/i8qE3Mrn
+mp/MOXHfX+ifJ/w+twoc/yd4En+7pr+hGsiTofct1JOZDW9Akq/ZGu1+NpVRT7Cw
+53EdMwpi7ArwZAsLIUBsKA7QmLTbdwjU5S7WlZ24eygZHyqZrK4Few+JuzlFkkoI
+FIDCfinyz24m
+-----END CERTIFICATE-----
=== added file 'testsuite/network.all/root.pem'
--- a/testsuite/network.all/root.pem 1970-01-01 00:00:00 +0000
+++ b/testsuite/network.all/root.pem 2009-06-15 03:22:47 +0000
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIjCCAYugAwIBAgIBADANBgkqhkiG9w0BAQQFADBXMQswCQYDVQQGEwJVUzET
+MBEGA1UEChMKUlRGTSwgSW5jLjEZMBcGA1UECxMQV2lkZ2V0cyBEaXZpc2lvbjEY
+MBYGA1UEAxMPVGVzdCBDQTIwMDEwNTE3MB4XDTAxMDUxNzE2MDExNFoXDTA2MTIy
+NTE2MDExNFowVzELMAkGA1UEBhMCVVMxEzARBgNVBAoTClJURk0sIEluYy4xGTAX
+BgNVBAsTEFdpZGdldHMgRGl2aXNpb24xGDAWBgNVBAMTD1Rlc3QgQ0EyMDAxMDUx
+NzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmkX40warmH0+lnwD9YjsJhRz
+ZX6qXadFry0y2trZ6gMs8Mv33IKPwOu8TE7V+3PESEtjI2wr8juV9OkbIPOm+td5
+M8+6vXyIW+JBo3ch99i0QMTf5/jTgsW+3IjV8yEdiGcZFp2NWKLRvZPq2VRbuF7R
+1pvgcaRuBJ0wGOohwnsCAwEAATANBgkqhkiG9w0BAQQFAAOBgQCUB8zMKIlX5io8
+TalbzH9Qke7BcvFAL+wp/5w1ToVsWkNrINSWKv6bl/jcqOD3aPhK7qhaeOU8ZWKL
+PoPPCnRl9Wo+1JtsOO3qIgJP79Bl9ooLGahixF2v/gea5qNISjQvwYllLSa//APP
+6kXHngO0RIRbiTBYHSkAzm6hDdsvVA==
+-----END CERTIFICATE-----
=== added file 'testsuite/network.all/test_ssl.cpp'
--- a/testsuite/network.all/test_ssl.cpp 1970-01-01 00:00:00 +0000
+++ b/testsuite/network.all/test_ssl.cpp 2009-06-17 00:54:07 +0000
@@ -0,0 +1,266 @@
+//
+// Copyright (C) 2009 Free Software Foundation, Inc.
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+#ifdef HAVE_CONFIG_H
+#include "gnashconfig.h"
+#endif
+
+#ifdef HAVE_DEJAGNU_H
+
+//#include <netinet/in.h>
+#include <boost/shared_ptr.hpp>
+#include <string>
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <iostream>
+#include <string>
+
+#include "as_object.h"
+#include "dejagnu.h"
+#include "http.h"
+#include "log.h"
+#include "openssl/ssl.h"
+#include "sslclient.h"
+#include "buffer.h"
+#include "network.h"
+#include "element.h"
+#include "sol.h"
+#include "arg_parser.h"
+#include "sslclient.h"
+
+using namespace amf;
+using namespace gnash;
+using namespace std;
+
+static void usage (void);
+
+static TestState runtest;
+
+static string infile;
+
+static void test_client();
+static SSLClient client;
+static Network net;
+
+LogFile& dbglogfile = LogFile::getDefaultInstance();
+
+int
+main(int argc, char *argv[])
+{
+ const Arg_parser::Option opts[] =
+ {
+ { 'h', "help", Arg_parser::no },
+ { 'v', "verbose", Arg_parser::no },
+ { 's', "hostname", Arg_parser::yes },
+ { 'o', "port", Arg_parser::yes },
+ { 'c', "cert", Arg_parser::yes },
+ { 'p', "pem", Arg_parser::yes },
+ { 'k', "leyfile", Arg_parser::yes },
+ { 'w', "password", Arg_parser::yes },
+ { 'a', "calist", Arg_parser::yes },
+ { 'r', "rootpath", Arg_parser::yes },
+ { 'n', "netdebug", Arg_parser::no },
+ };
+
+ Arg_parser parser(argc, argv, opts);
+ if( ! parser.error().empty() ) {
+ cout << parser.error() << endl;
+ exit(EXIT_FAILURE);
+ }
+
+ for( int i = 0; i < parser.arguments(); ++i ) {
+ const int code = parser.code(i);
+ try {
+ switch( code ) {
+ case 'h':
+ usage ();
+ exit(EXIT_SUCCESS);
+ case 'v':
+ dbglogfile.setVerbosity();
+ log_debug(_("Verbose output turned on"));
+ break;
+ case 's':
+ client.setHostname(parser.argument(i));
+ log_debug(_("Hostname for SSL connection is: %s"),
+ client.getHostname());
+ break;
+ case 'o':
+ net.setPort(parser.argument<short>(i));
+ log_debug(_("Port for SSL connections is: %hd"),
+ net.getPort());
+ break;
+ case 'c':
+ client.setCert(parser.argument(i));
+ log_debug(_("Cert file for SSL connection is: %s"),
+ client.getCert());
+ break;
+ case 'p':
+ client.setPem(parser.argument(i));
+ log_debug(_("Pem file for SSL connection is: %s"),
+ client.getPem());
+ break;
+ case 'k':
+ client.setKeyfile(parser.argument(i));
+ log_debug(_("Keyfile file for SSL connection is: %s"),
+ client.getKeyfile());
+ break;
+ case 'a':
+ client.setCAlist(parser.argument(i));
+ log_debug(_("CA List file for SSL connection is: %s"),
+ client.getCAlist());
+ break;
+ case 'r':
+ client.setRootPath(parser.argument(i));
+ log_debug(_("Root path for SSL pem files is: %s"),
+ client.getRootPath());
+ break;
+ case 'w':
+ client.setPassword(parser.argument(i));
+ log_debug(_("Password for SSL pem files is: %s"),
+ client.getPassword());
+ break;
+ case 'n':
+ net.toggleDebug(true);
+ break;
+ case 0:
+ infile = parser.argument(i);
+ log_debug(_("Input file for testing the SSL connection is:
%s"), infile);
+ break;
+ }
+ }
+
+ catch (Arg_parser::ArgParserException &e) {
+ cerr << _("Error parsing command line options: ") << e.what() <<
endl;
+ cerr << _("This is a Gnash bug.") << endl;
+ }
+ }
+
+ test_client();
+}
+
+static void test_client()
+{
+ size_t ret;
+ bool giveup = false;
+
+ // Make a tcp/ip connect to the server
+ if (net.createClient(client.getHostname(), SSL_PORT) == false) {
+ log_error("Can't connect to server %s", client.getHostname());
+ }
+
+ if (client.sslConnect(net.getFileFd())) {
+ runtest.pass("Connected to SSL server");
+ } else {
+ runtest.fail("Couldn't connect to SSL server");
+ giveup = true;
+ }
+
+ // I haven't seen a password with the first character set to
+ // zero ever. so we assume it got set correctly by the callback.
+ if (client.getPassword()[0] != 0) {
+ runtest.pass("Password was set for SSL connection");
+ } else {
+ if (giveup) {
+ runtest.unresolved("Password wasn't set for SSL connection");
+ } else {
+ runtest.fail("Password wasn't set for SSL connection");
+ }
+ }
+
+ if (giveup) {
+ runtest.unresolved("Cert didn't match hostfor SSL connection");
+ } else {
+ if (client.checkCert()) {
+ runtest.xpass("Cert matched host for SSL connection");
+ } else {
+ runtest.xfail("Cert didn't match host for SSL connection");
+ }
+ }
+
+ HTTP http;
+
+ if (giveup) {
+ runtest.unresolved("Couldn't write to SSL connection");
+ } else {
+ amf::Buffer &request = http.formatRequest("/crossdomain.xml",
HTTP::HTTP_GET);
+
+ if ((ret = client.sslWrite(request)) == request.allocated()) {
+ runtest.pass("Wrote bytes to SSL connection");
+ } else {
+ runtest.fail("Couldn't write to SSL connection.");
+ }
+ }
+
+#if 0
+ // This blocks forever unless data is received.
+ if (giveup) {
+ runtest.unresolved("Couldn't read bytes from SSL connection");
+ } else {
+ amf::Buffer buf;
+ if ((ret = client.sslRead(buf)) > 0) {
+ runtest.pass("Read bytes from SSL connection");
+ } else {
+ runtest.fail("Couldn't read bytes to SSL connection.");
+ }
+ }
+#endif
+
+ if (giveup) {
+ runtest.unresolved("Couldn't shutdown SSL connection");
+ } else {
+ if (client.sslShutdown()) {
+ runtest.pass("Shutdown SSL connection");
+ } else {
+ runtest.fail("Couldn't shutdown SSL connection");
+ }
+ }
+
+}
+
+static void
+usage (void)
+{
+ cerr << "This program tests SSL support in the libnet library." << endl;
+ cerr << "Usage: test_ssl [hvsocpkwar]" << endl;
+ cerr << "-h\tHelp" << endl;
+ cerr << "-v\tVerbose" << endl;
+ cerr << "-s\thostname" << endl;
+ cerr << "-o\tPort" << endl;
+ cerr << "-c\tCert File" << endl;
+ cerr << "-p\tPem file" << endl;
+ cerr << "-k\tKeyfile file" << endl;
+ cerr << "-w\tPassword" << endl;
+ cerr << "-a\tCA List" << endl;
+ cerr << "-r\tRoot path" << endl;
+ exit (-1);
+}
+
+#else
+
+int
+main(int /*argc*/, char /* *argv[]*/)
+{
+ // nop
+ cerr << "This program needs to have DejaGnu installed!" << endl;
+ return 0;
+}
+
+#endif
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Gnash-commit] /srv/bzr/gnash/trunk r11163: improve SSL support, add SSL testcase.,
rob <=